Archives for February 2016

On Tuesday evening, word spread around the Internet that a federal magistrate in California had ordered Apple to assist the government in, for lack of a better word, “hacking” its own iPhone, specifically an iPhone related to the San Bernardino shootings several months ago. Apple has previously been on record, in federal court, as saying even it cannot access its new “secure” iOS operating system.

Apple likely anticipated this ruling, as within hours, Apple CEO Tim Cook moved the fight from the court of law to the court of public opinion, issuing this public appeal.

The Court of Public Opinion: Potentially a Harsh Mistress

Borrowing from the playbooks of the popular “Serial” podcast, and the more recent and just-as-popular Netflix series “Making a Murderer“, Apple has made a calculated move to take what appears to be a strictly legal battle to the court of public opinion. While outwardly it may seem that this would produce at least a temporary groundswell of support in Apple’s favor, given the public outcry for privacy against government surveillance since the Edward Snowden debacle of 2013, it probably won’t have much impact on Apple’s chances in the courtroom and certainly doesn’t change the text of the All Writs Act of 1789.

In, fact it may produce a backlash against Apple in terms of Apple enabling would-be criminals to “go dark” behind a cloak of encryption. More on that from Brad Reed here. Apple’s PR dollars may be better spent lobbying Congress.

Monetizing Privacy

Going back to Mr. Snowden, the high school dropout turned government contractor turned alleged felon, even he has had plenty of his own unsupported speculation to stoke the fire:

Although, back to that “court of public opinion”, Snowden has a massive following and has been nearly the sole impetus behind the recent “privacy” movement that the US corporate world is pitching to the public. Lets be clear, Apple is a for-profit corporation. Anyone who has shelled out $29.99 for their Apple certified power cable can tell you that.

Secretly, in terms of their level of effort, Apple may not ultimately care whether they are compelled the open the San Bernardino iPhone. It will likely be of negligible impact in terms of technical time and cost. They control what their iOS (the iPhone operating system) does and doesn’t do.

But they do care about profits. And appearances (which also impact profits). So, they have every incentive to wage this legal war as publicly as possible and run the issue to ground, so they’ll be seen as sticking up for the little guy against Big Surveillance. And you’ll keep buying their products.

In today’s edition, the long-dormant Reliance Forensics blog starts anew, serving both the legal and forensic communities with regular updates. While working client engagements and conducting trainings in the past year has given us invaluable substantive experience that we can share, it hasn’t left a lot of time for blog writing. Look for more regular updates going forward, and deeper dives into various topics of interest at the intersection of law and digital forensics. Until then:

If you’re looking to access data on a newer iPhone that is locked, the best options are to try to find an iCloud backup (if you have the credentials and proper authorization), or an iTunes backup on a computer into which the iPhone has been plugged (Mac, Windows, doesn’t matter). Many times users have these iTunes backups and don’t even realize it, as they are stored in a location on the computer hidden to the user. They can often be processed for most user data, including some deleted data, just as if we had the original device.

Along those lines, forensic examiner Devon Ackerman recently posted to LinkedIn regarding the forensics possible on various versions of the iPhone by operating system. As this has been very much a moving target, I hope it can be maintained. The current version is linked here.

I recently wrote a piece on ForensicFocus.com discussing the core training curriculum for Cellebrite’s mobile forensic equipment and software. It can be found here. Regardless of the vendor, good mobile forensics equipment is a significant investment. We’ve found the training to be an invaluable resource that allows a far deeper dive into the data than would have been possible otherwise.